feat(ci): add GitHub Actions workflow for strat/review-bot PRs

Adds .github/workflows/review.yml to run AI code review on PRs using SAP AI Core. Three reviewers: sonnet, gpt, security (same as Gitea CI). Uses the .gitea/actions/review composite action which auto-detects GitHub vs Gitea runners via GITHUB_API_URL and uses GitHub REST API accordingly. Prerequisites: - Set required secrets on strat/review-bot (see comments in workflow) - Publish at least one release of review-bot on strat/review-bot with review-bot-linux-amd64 and checksums.txt assets Runs on ubuntu-24.04 (matching the runner label used by strat org).
2026-05-14 20:21:16 +00:00
parent b531da1355
commit b6ba4e4636
1 changed files with 77 additions and 0 deletions
@@ -0,0 +1,77 @@
+name: AI Code Review
+
+# AI code review for pull requests on github.concur.com/strat/review-bot.
+# Uses SAP AI Core as the LLM provider (same as the Gitea CI workflow).
+#
+# Prerequisites before this workflow can run:
+#   1. Set required secrets on strat/review-bot (see list below)
+#   2. Publish at least one release of review-bot on strat/review-bot
+#      (or change action-repo to a repo that already has releases)
+#
+# Required secrets:
+#   SONNET_REVIEW_TOKEN  — GitHub token for the Sonnet reviewer bot
+#   GPT_REVIEW_TOKEN     — GitHub token for the GPT reviewer bot
+#   AICORE_CLIENT_ID     — SAP AI Core OAuth client ID
+#   AICORE_CLIENT_SECRET — SAP AI Core OAuth client secret
+#   AICORE_AUTH_URL      — SAP AI Core OAuth token endpoint
+#   AICORE_API_URL       — SAP AI Core inference API URL
+#   AICORE_RESOURCE_GROUP — SAP AI Core resource group (optional, default: default)
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  test:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.26'
+      - run: go test ./...
+      - run: go vet ./...
+      - run: go build -o review-bot ./cmd/review-bot
+
+  review:
+    runs-on: ubuntu-24.04
+    if: github.event_name == 'pull_request'
+    needs: test
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: sonnet
+            token_secret: SONNET_REVIEW_TOKEN
+            model: anthropic--claude-4.6-sonnet
+          - name: gpt
+            token_secret: GPT_REVIEW_TOKEN
+            model: gpt-5
+          - name: security
+            token_secret: GPT_REVIEW_TOKEN
+            model: gpt-5
+            system_prompt_file: SECURITY_REVIEW.md
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.gitea/actions/review
+        with:
+          # On GHES runners, vcs-url is ignored; the composite action uses github.server_url.
+          # action-repo must be a repo with published review-bot releases.
+          # Requires strat/review-bot to have at least one release tag with
+          # review-bot-linux-amd64 and checksums.txt assets.
+          vcs-url: https://gitea.weiker.me
+          action-repo: strat/review-bot
+          reviewer-token: ${{ secrets[matrix.token_secret] }}
+          reviewer-name: ${{ matrix.name }}
+          llm-provider: aicore
+          llm-model: ${{ matrix.model }}
+          aicore-client-id: ${{ secrets.AICORE_CLIENT_ID }}
+          aicore-client-secret: ${{ secrets.AICORE_CLIENT_SECRET }}
+          aicore-auth-url: ${{ secrets.AICORE_AUTH_URL }}
+          aicore-api-url: ${{ secrets.AICORE_API_URL }}
+          aicore-resource-group: ${{ secrets.AICORE_RESOURCE_GROUP }}
+          conventions-file: CONVENTIONS.md
+          patterns-repo: rodin/go-patterns
+          patterns-files: README.md,patterns/
+          timeout: "600"
+          system-prompt-file: ${{ matrix.system_prompt_file || '' }}